1 files changed, 1 insertions, 60 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index f549eeb437..8ea5aa935d 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -82,48 +82,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
        return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
        }
-#ifdef OPENSSL_FIPS
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-            const unsigned char *iv, int enc)
-        { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
-int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                 const unsigned char *in, unsigned int inl)
-        { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
-/* NB: no cleanup because it is allowed after failed init */
-int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
-        { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
-int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
-        { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
-int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-        { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
-static const EVP_CIPHER bad_cipher =
-        {
-        0,
-        0,
-        0,
-        0,
-        0,
-        bad_init,
-        bad_do_cipher,
-        NULL,
-        0,
-        bad_set_asn1,
-        bad_get_asn1,
-        bad_ctrl,
-        NULL
-        };
-#endif
 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
             const unsigned char *key, const unsigned char *iv, int enc)
        {
@@ -188,6 +146,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                else
                        ctx->engine = NULL;
 #endif
                ctx->cipher=cipher;
                if (ctx->cipher->ctx_size)
                        {
@@ -251,24 +210,6 @@ skip_to_init:
                }
        }
-#ifdef OPENSSL_FIPS
-        /* After 'key' is set no further parameters changes are permissible.
-         * So only check for non FIPS enabling at this point.
-         */
-        if (key && FIPS_mode())
-                {
-                if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
-                        & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-                        {
-                        EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
-                        ERR_add_error_data(2, "cipher=",
-                                                EVP_CIPHER_name(ctx->cipher));
-                        ctx->cipher = &bad_cipher;
-                        return 0;
-                        }
-                }
-#endif
        if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
                if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
        }

diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index f549eeb437..8ea5aa935d 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -82,48 +82,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
82	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);	82	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
83	}	83	}
84		84
85	#ifdef OPENSSL_FIPS
86
87	/* The purpose of these is to trap programs that attempt to use non FIPS
88	* algorithms in FIPS mode and ignore the errors.
89	*/
90
91	int bad_init(EVP_CIPHER_CTX ctx, const unsigned char key,
92	const unsigned char *iv, int enc)
93	{ FIPS_ERROR_IGNORED("Cipher init"); return 0;}
94
95	int bad_do_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
96	const unsigned char *in, unsigned int inl)
97	{ FIPS_ERROR_IGNORED("Cipher update"); return 0;}
98
99	/* NB: no cleanup because it is allowed after failed init */
100
101	int bad_set_asn1(EVP_CIPHER_CTX ctx, ASN1_TYPE typ)
102	{ FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
103	int bad_get_asn1(EVP_CIPHER_CTX ctx, ASN1_TYPE typ)
104	{ FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
105	int bad_ctrl(EVP_CIPHER_CTX ctx, int type, int arg, void ptr)
106	{ FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
107
108	static const EVP_CIPHER bad_cipher =
109	{
110	0,
111	0,
112	0,
113	0,
114	0,
115	bad_init,
116	bad_do_cipher,
117	NULL,
118	0,
119	bad_set_asn1,
120	bad_get_asn1,
121	bad_ctrl,
122	NULL
123	};
124
125	#endif
126
127	int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *impl,	85	int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *impl,
128	const unsigned char key, const unsigned char iv, int enc)	86	const unsigned char key, const unsigned char iv, int enc)
129	{	87	{
@@ -188,6 +146,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
188	else	146	else
189	ctx->engine = NULL;	147	ctx->engine = NULL;
190	#endif	148	#endif
		149
191	ctx->cipher=cipher;	150	ctx->cipher=cipher;
192	if (ctx->cipher->ctx_size)	151	if (ctx->cipher->ctx_size)
193	{	152	{
@@ -251,24 +210,6 @@ skip_to_init:
251	}	210	}
252	}	211	}
253		212
254	#ifdef OPENSSL_FIPS
255	/* After 'key' is set no further parameters changes are permissible.
256	* So only check for non FIPS enabling at this point.
257	*/
258	if (key && FIPS_mode())
259	{
260	if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
261	& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
262	{
263	EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
264	ERR_add_error_data(2, "cipher=",
265	EVP_CIPHER_name(ctx->cipher));
266	ctx->cipher = &bad_cipher;
267	return 0;
268	}
269	}
270	#endif
271
272	if(key \|\| (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {	213	if(key \|\| (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
273	if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;	214	if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
274	}	215	}